Saturday, March 10, 2007

WebInterface Changes and Security Issues

Goodbye template.html
As of CrushFTP 4.1, there won't be any real "html" templates anymore. CrushFTP 4.1 uses XML and XSLT to generate the entire web interface, which makes it completely customizable. All the data is provided in the XML; all you need to do is decide how you want it formatted. The XML is then rendered to HTML for display, either server side or client side.

As a result, the template.html file is now gone. One single file provides the WebInterface, template.xsl. You can make copies of it and individualize it for your various needs. Each user can have their own dynamic customized WebInterface. Easily incorporate your company's logos and CSS styles. The CrushFTP logo is provided as a template, but you don't need to keep it there. Simply replace the logo.gif with your own file and brand the WebInterface to your liking.

Security
A little about security. If you're using HTTP for logins, you run the risk that someone could be watching your network traffic and gain access to your user and password for the server. So if this is something you're concerned about, CrushFTP can do HTTPS as well. As it "ships", HTTPS is configured on the default port of 443. So if you point your browser to "https://your_ip/" you will be asked about a certificate not being valid. Click continue and you can then login. Everything is then encrypted and secure.

Self Signed Certificate
The warning about the certificate is because the certificate hasn't been issued by a certificate authority. That costs a minimum of around $70 per year for an SSL certificate. What would it provide for you? If you are worried about someone hijacking your connection and providing their own CrushFTP instance with their own certificate generated that looks like yours...then you could be compromised. If you're not the government or some kind of banking site...you probably won't have that concern. I can come up with far-fetched scenarios where it could happen, but it's pretty unlikely it would.
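
A substituted certificate of the kind described above can be noticed without buying a CA certificate, by recording the self-signed certificate's fingerprint on the first connection and comparing it on every later one. The following Python is an added example, not part of the original post or of CrushFTP; the store file name `crushftp_pins.json` and the `host:port` labels are assumptions.

```python
import hashlib
import hmac
import json
import ssl
from pathlib import Path


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, lowercase hex, no separators."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept the 'AB:CD:...' form browsers display as well as plain hex."""
    return fp.replace(":", "").replace(" ", "").lower()


def check_pin(store: Path, host: str, der: bytes) -> str:
    """Trust on first use: returns 'pinned', 'match' or 'MISMATCH'."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der)
    if host not in pins:
        # First contact: remember this certificate for the host.
        pins[host] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "pinned"
    # Constant-time compare; a mismatch means the certificate has changed
    # (reissued by the admin, or someone else is answering on that address).
    ok = hmac.compare_digest(normalize(pins[host]), seen)
    return "match" if ok else "MISMATCH"


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server certificate without CA validation (it is self-signed)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    import sys
    host = sys.argv[1]
    # Assumed store location; keep it somewhere only you can write to.
    result = check_pin(Path("crushftp_pins.json"), f"{host}:443", fetch_der(host))
    print(host, result)
    sys.exit(1 if result == "MISMATCH" else 0)
```

The first run is only as trustworthy as the network it is made from, so compare the stored fingerprint once against the one shown on the server itself.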

Anonymous Access
If you create an account named "anonymous" then no user/pass will be asked when a user connects to CrushFTP. Anonymous is just like any other account in CrushFTP, except it accepts any password. There is a link on the WebInterface allowing a user to "login" to see their files. I highly recommend you never give "anonymous" upload rights. An example for an anonymous account is how you downloaded CrushFTP from me. I provide anonymous access to the CrushFTP applications for anyone to download. Never think that not giving your IP out to anyone makes you secure. Just be safe and only give the "anonymous" user access to files you truly wouldn't mind anyone having. If you don't make a user named "anonymous" then you have nothing to worry about.
